Linux Network Administration - Glossary

This Linux tutorial covers TCP/IP networking, network administration, and system configuration basics, including Linux network configuration, management, monitoring, and system tools. Linux can support multiple network devices. Device names are numbered starting at zero and counting upward. For example, a computer running two Ethernet cards will have two devices labeled /dev/eth0 and /dev/eth1.
A
Access Control List (ACL)
An access control list is an extended permission mechanism that allows a Linux administrator to grant file or directory permissions to specific users and groups beyond the traditional owner, group, and others permission model.
Address Resolution Protocol (ARP)
ARP maps an IPv4 address to a hardware MAC address on a local network. Linux administrators commonly inspect ARP behavior with commands such as ip neigh.
Application Layer
The application layer contains protocols used directly by applications, such as HTTP, HTTPS, DNS, SMTP, SSH, and NFS.
auditd
auditd is the Linux audit daemon. It records security-relevant events such as file access, privilege escalation, authentication attempts, and changes to system configuration.
B
Backbone
A backbone is the high-capacity core of a hierarchical network. Stub networks and transit networks connect through the backbone so that traffic can move between different network segments.
Bash
Bash is a widely used command-line shell on Linux systems. It supports interactive command execution, scripting, variables, functions, pipelines, redirection, and job control.
Border Gateway Protocol (BGP)
BGP is the routing protocol used to exchange routing information between autonomous systems on the Internet. It is primarily used by Internet service providers, cloud providers, large enterprises, and edge networks.
Block Device
A block device is a storage device that reads and writes data in fixed-size blocks. Examples include hard drives, SSDs, NVMe devices, and logical volumes.
Bonding
Network bonding combines multiple network interfaces into one logical interface for redundancy, load balancing, or increased throughput.
Bridge
A network bridge connects network segments at Layer 2. Linux bridges are commonly used for virtualization, containers, and software-defined networking.
C
cgroups
Control groups, or cgroups, are a Linux kernel feature used to limit, account for, and isolate resource usage such as CPU, memory, disk I/O, and process counts. Containers rely heavily on cgroups.
Classless Inter-Domain Routing (CIDR)
CIDR is a modern IP addressing method that represents networks with prefix notation, such as 192.168.1.0/24 or 2001:db8::/32. CIDR replaced older classful addressing.
Client
A client is either a process that requests a network service or a computer running that client process. For example, an SSH client requests a secure remote shell session from an SSH server.
cloud-init
cloud-init is a common initialization system for Linux cloud instances. It configures users, SSH keys, packages, network settings, and startup scripts when a virtual machine first boots.
Concurrent Server
A concurrent server accepts an incoming connection and then delegates the handling of that connection to another process, thread, or event-driven execution path. In the classic UNIX model, the server calls fork(); the child handles the connection while the parent returns to listening on the original port. This allows the server to remain available for additional incoming connections.
Container
A container is an isolated runtime environment that packages an application with its dependencies while sharing the host Linux kernel. Containers use Linux features such as namespaces, cgroups, capabilities, and filesystem isolation.
cron
cron is a traditional UNIX/Linux job scheduler used to run commands or scripts at specified times. On modern Linux systems, some scheduled tasks may also be implemented with systemd timers.
D
Daemon
A daemon is a background process that runs independently of an interactive login session. Daemons commonly provide services such as logging, scheduling, networking, web serving, database access, and remote administration.
Default Gateway
The default gateway is the router used when a host needs to send traffic to a destination outside its local network.
Dynamic Host Configuration Protocol (DHCP)
DHCP automatically assigns IP addresses, subnet masks, gateways, DNS servers, and other network configuration parameters to hosts on a network.
DNS
Domain Name System resolves domain names such as example.com into IP addresses. DNS also supports reverse lookups, mail exchange records, service discovery records, and security extensions such as DNSSEC.
DNSSEC
DNS Security Extensions add cryptographic validation to DNS responses. DNSSEC helps protect against certain forms of DNS spoofing and cache poisoning.
Domain
On the Internet, a domain is a named administrative space such as example.com. Hosts within the domain may share a common DNS suffix.
DoT and DoH
DNS over TLS (DoT) and DNS over HTTPS (DoH) encrypt DNS queries to improve privacy and reduce exposure of DNS traffic on untrusted networks.
E
eBPF
Extended Berkeley Packet Filter is a Linux kernel technology that allows safe, event-driven programs to run inside the kernel for observability, networking, tracing, and security use cases.
Ethernet
Ethernet is the dominant family of wired LAN technologies standardized by IEEE 802.3. Modern Ethernet typically uses switched star topologies rather than the original shared bus design. Historical Ethernet used CSMA/CD, but full-duplex switched Ethernet no longer depends on collision detection in the same way.
exec()
The exec() family of system calls replaces the current process image with a new program. In server programming, fork() and exec() are often discussed together.
F
Fiber Distributed Data Interface (FDDI)
FDDI is a legacy 100 Mbit/s ANSI LAN technology based primarily on fiber-optic cabling. It is historically important but has largely been replaced by modern Ethernet technologies.
File Transfer Protocol (FTP)
FTP is a legacy protocol for transferring files over a network. Because traditional FTP does not encrypt credentials or data, modern administration normally favors SFTP, SCP, HTTPS-based transfer, rsync over SSH, or other encrypted alternatives.
Filesystem Hierarchy Standard (FHS)
The Filesystem Hierarchy Standard defines common directory conventions on Linux systems, including locations such as /etc, /var, /usr, /home, and /tmp.
firewalld
firewalld is a dynamic firewall management service used by many Linux distributions. It organizes rules into zones and services and commonly uses nftables as its backend on modern systems.
fork()
fork() is a UNIX/Linux system call that creates a child process by duplicating the calling process. It is central to the classic concurrent server model.
G
Gateway
A gateway links one network to another. In TCP/IP administration, the term often refers to a router that forwards traffic from a local network to external networks.
glibc
GNU C Library is the standard C library used by many Linux distributions. It provides system call wrappers, name resolution functions, memory allocation, string handling, and many other core runtime services.
Group
A group is a collection of user accounts used to manage permissions. Linux file permissions and ACLs commonly assign access based on group membership.
H
Hostname
A hostname is the human-readable name assigned to a system. It may be local to the machine or registered in DNS as a fully qualified domain name.
Hypertext Transfer Protocol (HTTP)
HTTP defines how clients and servers exchange web resources. Modern web administration usually uses HTTPS, which layers HTTP over TLS encryption.
HTTP/3
HTTP/3 is a modern version of HTTP that runs over QUIC instead of TCP. It is designed to improve performance, connection migration, and latency behavior on modern networks.
HTTPS
HTTPS is HTTP protected by TLS encryption. It provides confidentiality, integrity, and server authentication for web traffic.
I
Internet Control Message Protocol (ICMP)
ICMP is used to communicate network-layer errors and diagnostic information. Tools such as ping and traceroute rely on ICMP behavior.
inetd
inetd is the legacy Internet super-server that listens for network connections and starts service daemons on demand. On modern Linux systems, systemd socket activation often provides a more current equivalent.
IP Address
An IP address identifies a host or interface on an IP network. IPv4 addresses are usually written in dotted decimal notation, such as 192.168.1.10. IPv6 addresses use hexadecimal notation, such as 2001:db8::10.
ip Command
The ip command is the modern Linux tool for viewing and configuring network interfaces, addresses, routes, tunnels, and neighbor entries. It replaces many older uses of ifconfig, route, and arp.
iptables
iptables is a legacy Linux firewall tool used to configure packet filtering and NAT rules. Many modern systems now use nftables, directly or through tools such as firewalld.
Iterative Server
An iterative server receives an incoming connection, handles the request, closes the connection, and then returns to listening on its well-known port. While the server is handling one request, additional requests must wait. This model is simple but less scalable than concurrent or event-driven server designs.
IPv4
IPv4 is the 32-bit version of the Internet Protocol. It remains widely used and is commonly represented with dotted decimal notation.
IPv6
IPv6 is the 128-bit version of the Internet Protocol. It provides a much larger address space, improved autoconfiguration support, and simplified packet header design compared with IPv4.
J
journalctl
journalctl is the command used to query logs collected by the systemd-journald service.
K
Kernel
The kernel is the core of the Linux operating system. It manages CPU scheduling, memory, processes, filesystems, devices, networking, security controls, and system calls.
Kernel Module
A kernel module is loadable code that extends kernel functionality, such as device drivers, filesystems, and networking features.
Kubernetes
Kubernetes is a container orchestration platform used to deploy, scale, and manage containerized workloads across clusters of machines.
L
Local Area Network (LAN)
A LAN is a network that connects systems within a limited physical area, such as a home, office, lab, or campus building.
Least Privilege
Least privilege is the security principle that users, processes, and services should receive only the permissions required to perform their intended function.
Loopback Address
The IPv4 loopback address is 127.0.0.1. The IPv6 loopback address is ::1. Loopback addresses refer to the local machine and are used for diagnostics and local service testing.
Logical Volume Manager (LVM)
LVM provides flexible disk management by abstracting physical storage into volume groups and logical volumes. It supports resizing, snapshots, and storage aggregation.
M
MAC Address
A MAC address is a Layer 2 hardware address used by Ethernet and Wi-Fi interfaces to identify devices on a local network segment.
MTU
Maximum Transmission Unit is the largest packet or frame size that can be transmitted across a network link without fragmentation.
Multicast
Multicast is a network delivery method where traffic is sent from one source to multiple interested receivers without sending a separate copy to each destination.
N
Namespace
A Linux namespace isolates a resource view for a process. Namespaces are used for process IDs, mounts, networks, users, hostnames, and interprocess communication. Containers depend on namespaces for isolation.
Network Address Translation (NAT)
NAT modifies IP address information as packets pass through a router or firewall. It is commonly used to allow private networks to access external networks through shared public addresses.
Netmask
A netmask identifies which part of an IPv4 address represents the network and which part represents the host. Modern notation often uses CIDR prefixes such as /24.
Network Information Database
The Network Information Database is a legacy concept for synchronizing account or host information across systems. Modern environments more commonly use LDAP, Kerberos, Active Directory integration, identity providers, or centralized configuration management.
Network Information Service (NIS)
NIS is Sun Microsystems' legacy Yellow Pages client-server protocol for distributing system configuration data such as user names, groups, and host names across UNIX systems. It is largely considered obsolete for security-sensitive environments.
NetworkManager
NetworkManager is a Linux service and toolset for managing network interfaces, Wi-Fi, VPNs, DNS settings, routes, and connection profiles.
NFS
Network File System allows remote directories to be mounted over a network. Modern Linux deployments commonly use NFSv4 with stronger security and better firewall behavior than older NFS versions.
nftables
nftables is the modern Linux packet filtering framework that replaces many older uses of iptables, ip6tables, arptables, and ebtables.
NNTP
Network News Transfer Protocol is a legacy protocol used for reading and distributing Usenet news articles. It is historically important but much less central to modern Linux network administration.
O
OpenSSH
OpenSSH is the standard suite of tools for secure remote login, command execution, file transfer, tunneling, and key-based authentication on Linux systems.
OSI Model
The OSI model is a conceptual framework for understanding network communication in layers, from physical transmission to application-level protocols.
P
Packet
A packet is a formatted unit of data transmitted across a network. Packets contain headers that identify source, destination, protocol, and control information.
Pluggable Authentication Modules (PAM)
PAM is a Linux authentication framework that allows services to use configurable authentication policies for login, SSH, sudo, screen locking, and other access mechanisms.
Podman
Podman is a daemonless container engine used to run and manage OCI-compatible containers and pods on Linux systems.
Point-to-Point Protocol (PPP)
PPP is a legacy protocol for establishing direct network links, historically common for dial-up and point-to-point connections.
Port
A port is a logical endpoint used by transport-layer protocols such as TCP and UDP. For example, SSH commonly uses TCP port 22 and HTTPS commonly uses TCP port 443.
Process
A process is a running instance of a program. Linux tracks processes with process IDs and manages their memory, scheduling, open files, credentials, and signals.
Protocol Stack
A protocol stack is a layered set of protocols that work together to provide network communication. The TCP/IP stack includes link-layer, Internet-layer, transport-layer, and application-layer protocols.
Q
QUIC
QUIC is a modern encrypted transport protocol built on UDP. It is used by HTTP/3 and is designed to reduce latency and improve connection behavior across changing networks.
R
Raw Socket
A raw socket allows privileged programs to send and receive packets with direct access to lower-level protocol headers. Raw sockets are useful for diagnostic tools, routing protocols, and specialized network utilities.
Resolver Library
The resolver library provides functions used by applications to resolve hostnames into IP addresses. On Linux, name resolution may involve files such as /etc/hosts, DNS, systemd-resolved, LDAP, or other NSS modules.
RIP
Routing Information Protocol is a legacy distance-vector routing protocol based on hop count. It is historically important but less common in modern enterprise networks than protocols such as OSPF, IS-IS, or BGP.
Route
A route tells the operating system or router where to send packets for a destination network. Linux routes are commonly viewed with ip route.
Router
A router forwards packets between networks. Routers operate primarily at the network layer and use routing tables and routing protocols to determine forwarding paths.
rsync
rsync is a file synchronization tool that efficiently copies changed data between directories or systems. It is frequently used with SSH for secure remote synchronization.
S
SCP
Secure Copy Protocol is a file transfer mechanism that uses SSH for encrypted transport. In many modern workflows, SFTP or rsync over SSH is preferred.
SELinux
Security-Enhanced Linux is a mandatory access control system that enforces security policy beyond traditional discretionary file permissions.
Serial Port
A serial port is an interface used for serial communication. Although less common on desktop systems, serial consoles remain important for servers, embedded systems, network appliances, and recovery access.
Server
A server is either a process that provides services in response to client requests or a computer that runs one or more server processes.
Service Access Facility
The Service Access Facility is a legacy Solaris mechanism for controlling access to server processes. On Linux, comparable service supervision is normally handled by systemd, service managers, socket activation, and access-control mechanisms.
SFTP
SSH File Transfer Protocol is a secure file transfer protocol that runs over SSH. It is commonly used as a safer replacement for traditional FTP.
SMTP
Simple Mail Transfer Protocol is used to send email between mail servers and from clients to mail submission servers. Modern SMTP deployments usually use TLS, authentication, SPF, DKIM, and DMARC.
Socket
A socket is an endpoint for communication between processes, either across a network or locally on the same system.
SSH
Secure Shell is the standard encrypted protocol for remote Linux administration. SSH replaced Telnet for secure remote login and supports key-based authentication, tunneling, command execution, and file transfer.
sudo
sudo allows authorized users to run commands with elevated privileges according to policy rules, commonly configured in /etc/sudoers or files under /etc/sudoers.d/.
SUID Permission
The SUID permission causes an executable file to run with the privileges of the file owner rather than the user who launched it. Because SUID can create privilege-escalation risk, administrators should audit SUID programs carefully.
systemd
systemd is the service manager and initialization system used by many modern Linux distributions. It manages services, targets, sockets, timers, logging integration, dependencies, and boot-time orchestration.
systemd-resolved
systemd-resolved is a system service that provides local DNS resolution, caching, DNS routing by interface, and integration with modern Linux networking tools.
T
TCP
Transmission Control Protocol is a transport-layer protocol that provides reliable, ordered, connection-oriented data transmission.
TCP/IP
TCP/IP is the protocol suite used by the Internet and most modern networks. It includes protocols such as IP, TCP, UDP, ICMP, DNS, HTTP, SSH, and many others.
Telnet
Telnet is a legacy protocol for remote terminal access. Because Telnet transmits data without encryption, it should generally be replaced by SSH for administration.
Transport Layer Security (TLS)
TLS is a cryptographic protocol used to protect network communication. It is used by HTTPS, secure SMTP, secure IMAP, and many other protocols.
Transport Layer
The transport layer provides end-to-end communication between processes. TCP and UDP are the most common transport-layer protocols in TCP/IP networks.
U
UDP
User Datagram Protocol is a connectionless transport-layer protocol. It is used by applications that need low overhead, tolerate some loss, or implement reliability at a higher layer. DNS, QUIC, VoIP, and streaming applications commonly use UDP.
umask
umask defines the default permission bits removed when new files or directories are created.
UNIX Domain Socket
A UNIX domain socket provides local interprocess communication on the same machine. It is often used by daemons, databases, and local services.
User ID (UID)
A UID is the numeric identifier associated with a Linux user account. The root user traditionally has UID 0.
V
Virtual LAN (VLAN)
A VLAN separates Layer 2 network traffic into logical broadcast domains over shared physical infrastructure.
Virtual Private Network (VPN)
A VPN creates an encrypted tunnel between systems or networks. Linux administrators commonly encounter VPNs based on WireGuard, IPsec, or OpenVPN.
W
WAN
A Wide Area Network connects systems across large geographic distances, such as branch offices, data centers, cloud regions, and Internet-connected sites.
Wayland
Wayland is a modern Linux display server protocol intended to replace many uses of the older X Window System architecture.
WireGuard
WireGuard is a modern VPN protocol and Linux kernel-supported technology known for simpler configuration, strong cryptography, and efficient performance.
X
X Window System
The X Window System is a legacy network-transparent graphical display system used by UNIX and Linux systems. It separates the display server from client applications, allowing graphical applications to run on one machine while displaying on another.
X-Windows
X-Windows is a common informal name for the X Window System. Modern Linux desktops increasingly use Wayland, although X remains important for compatibility.
xinetd
xinetd is an extended Internet services daemon that historically replaced or supplemented inetd. On modern Linux systems, many on-demand service patterns are handled by systemd socket activation.
Z
Zero Trust
Zero Trust is a security model based on continuous verification, least privilege, strong identity, device posture, segmentation, and the assumption that no network location is automatically trusted.
10BASE-T
10BASE-T is a legacy Ethernet standard that runs at 10 Mbit/s over twisted-pair cabling. It is historically important, but modern networks usually use Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, or faster standards.

